US11057433B2 · Active · Utility · PatentIndex 57

System for and method of determining data connections between software applications

Assignee: JPMORGAN CHASE BANK NA
Priority: Aug 1, 2018 · Filed: Aug 1, 2018 · Granted: Jul 6, 2021
Est. expiry: Aug 1, 2038 (~12.1 yrs left) · nominal 20-yr term from priority
Inventors: RITCHEY RONALD W; CHEN TA-WEI; TRAN KHANH; LAURANCE DAVID; WIMBERLEY CEDRIC KEN; CHAKRABORTY PARTHASARATHI; CHETAL ARADHNA; ROBERTS DONALD B
CPC: H04L 63/107; H04L 63/0236; H04L 63/0263; H04L 63/20

PatentIndex Score: 57 · Cited by: 0 · References: 6 · Claims: 18

Abstract

A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Claims

exact text as granted — not AI-modified

What is claimed is:

1. A method of controlling data connections of an application program, the method comprising:
  establishing a service definition for the application program corresponding to an application development phase;
  establishing definitions of allowed connections;
  storing the service definition and the definitions of allowed connections in an application service registry;
  embedding the definitions of allowed connections as metadata into a source code for the application program;
  automatically deriving firewall rules from the metadata by,
    identifying a plurality of communication endpoints, the plurality of communication endpoints including the application program;
    extracting the metadata corresponding to each of the plurality of communication endpoints; and
    determining whether a connection between each of the plurality of communication endpoints is permitted based on a comparison of the extracted metadata;
  automatically deriving an allowed application data listing from the metadata; and
  configuring an application interface manager using the allowed application data listing.

2. The method of claim 1, wherein the definitions of allowed connections are also embedded as metadata in a corresponding application program.

3. The method of claim 2, further comprising creating a definition of data publications and data sources and wherein a databook is created that comprises definitions of critical data elements and data sourcing rules derived from the definition of data publications and data sources.

4. The method of claim 1, wherein the step of establishing definitions of allowed connections comprises identifying application types to which an application program is permitted to communicate.

5. The method of claim 1, wherein the step of establishing definitions of allowed connections comprises identifying application environments to which the application program is permitted to communicate.

6. The method of claim 1, wherein the step of establishing definitions of allowed connections comprises identifying ports through which the application program is permitted to communicate.

7. The method of claim 1, wherein the step of establishing definitions of allowed connections comprises defining geographic locations with which the application program is permitted to communicate.

8. The method of claim 1, wherein the step of establishing definitions of allowed connections comprises defining at least one data type from among an environmental variable, a location variable, a confidentiality variable, and a regulatory and compliance variable that may be communicated from the application program.

9. The method of claim 1, further comprising the steps of:
  comparing an attempt to access a connection by an application program running in a test environment with the definitions of allowed connections; and
  recording each attempt to access a connection that is not included in the definition of allowed connections.

10. A system for automatically regulating data connections of an application program, the system comprising:
  an application service registry;
  a source data repository in communication with the application service registry;
  the application service registry comprising software instructions that when executed by a first processor cause the first processor to:
    extract metadata information pertaining to permitted application data connections;
  the source data repository comprising software instructions that when executed by a second processor, cause the second processor to:
    establish a software application requirements definition for the application program corresponding to an application development phase, the software application requirements definition comprises allowed connections with other applications and data sources;
    store the definitions of allowed connections to a metadata document;
    embed the definitions of allowed connections as metadata into a source code for the application program;
    automatically establish firewall rules from the metadata to,
      identify a plurality of communication endpoints, the plurality of communication endpoints including the application program;
      extract the metadata corresponding to each of the plurality of communication endpoints; and
      determine whether a connection between each of the plurality of communication endpoints is permitted based on a comparison of the extracted metadata;
    automatically establish an allowed application data listing from the metadata; and
    configure an application interface manager using the allowed application data listing.

11. The system of claim 10, further comprising software instructions that cause the second processor to create a definition of data publications and data sources.

12. The system of claim 10, further comprising software instructions that cause the second processor to create a databook that comprises definitions of critical data elements and data sourcing rules derived from the definition of data publications and data sources.

13. The system of claim 10, wherein the step of establishing a software application requirements definition further comprises identifying allowed connections with other applications and data sources.

14. The system of claim 10, wherein the step of establishing a software application requirements definition further comprises identifying application environments to which the application program is permitted to communicate.

15. The system of claim 10, wherein the step of establishing a software application requirements definition further comprises defining ports through which the application program is permitted to communicate.

16. The system of claim 10, wherein the step of establishing a software application requirements definition further comprises defining geographic locations from which the application program is permitted to communicate.

17. The system of claim 10, wherein the step of establishing a software application requirements definition further comprises defining at least one data type from among an environmental variable, a location variable, a confidentiality variable, and a regulatory and compliance variable that may be communicated from the application program.

18. The system of claim 10, further comprising an application interface manager, the application interface manager comprising software instructions that when executed by the application interface manager cause the application interface manager to:
  compare an attempt to access a connection by an application program running in a test environment with the definitions of allowed connections; and
  record access attempts to connections that are not including in the definition of allowed connections.
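To make the mechanism in claims 1 and 9 concrete, the following added example (not the patent's own code, nor JPMorgan's) models the allowed-connection metadata extracted from each application and derives firewall allow rules by comparing the metadata of each endpoint pair, then records test-environment connection attempts the definitions do not cover. The metadata field names, the sample applications, and the two-sided check (source must allow the destination outbound, destination must accept the source inbound) are assumptions.

```python
"""Added example, not the patent's own code: derive firewall rules by comparing the
allowed-connection metadata of each endpoint pair (claim 1) and record any connection
attempt that the definitions do not cover (claim 9)."""

# Constructed sample metadata, as a build step might extract it from each application's
# source code. Field names (app_type, env, region, outbound, inbound) are assumptions.
APP_METADATA = {
    "payments-api": {
        "app_type": "service", "env": "prod", "region": "US", "inbound": [],
        "outbound": [{"app_type": "database", "env": "prod", "regions": ["US"], "ports": [5432]}]},
    "ledger-db": {
        "app_type": "database", "env": "prod", "region": "US", "outbound": [],
        "inbound": [{"app_type": "service", "env": "prod", "regions": ["US"], "ports": [5432]}]},
    "analytics-web": {
        "app_type": "web", "env": "test", "region": "EU", "inbound": [],
        "outbound": [{"app_type": "database", "env": "test", "regions": ["EU"], "ports": [5432]}]},
}


def _matches(rules, peer, port):
    """True if some rule names the peer's application type, environment and region on this port."""
    return any(r["app_type"] == peer["app_type"] and r["env"] == peer["env"]
               and peer["region"] in r["regions"] and port in r["ports"] for r in rules)


def connection_permitted(metadata, src_name, dst_name, port):
    """Compare both endpoints' metadata: the source must allow the destination outbound and
    the destination must accept the source inbound (the two-sided check is an assumption)."""
    src, dst = metadata[src_name], metadata[dst_name]
    return _matches(src["outbound"], dst, port) and _matches(dst["inbound"], src, port)


def derive_firewall_rules(metadata):
    """Emit one allow rule per endpoint pair and port that both sides' metadata permit."""
    rules = []
    for src_name, src in metadata.items():
        for port in sorted({p for r in src["outbound"] for p in r["ports"]}):
            for dst_name in metadata:
                if src_name != dst_name and connection_permitted(metadata, src_name, dst_name, port):
                    rules.append(f"allow {src_name} -> {dst_name} tcp/{port}")
    return rules


def check_attempt(metadata, src_name, dst_name, port, log):
    """Test-environment check: pass covered attempts, record each attempt the definitions omit."""
    if connection_permitted(metadata, src_name, dst_name, port):
        return True
    log.append(f"UNDECLARED {src_name} -> {dst_name} tcp/{port}")
    return False
```

With the sample metadata only payments-api -> ledger-db on tcp/5432 yields a rule; analytics-web's attempt against the production database is recorded because the environments in the two endpoints' metadata disagree.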

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.